As a company you handle personal information of your customers and employees. In law, you are obliged to safeguard this data and ensure that it’s used in a proper manner. However, it is not always clear what is considered to be personal information.

It is important to understand that the definition of personal data is different according to the jurisdiction and country. It generally refers to any information that identifies an individual. This includes data such as the person’s email address or telephone number, but it includes any other information that can be linked to an individual, thereby making them identifiable. For example the date of birth, their mother’s maiden names biometric data, information about passports and visas or credit card numbers, and other sensitive data regarding employment (e.g. performance ratings and disciplinary records).

Furthermore, the information must be reasonably identifiable by others. If it is difficult for other people to recognize the information, it is not considered as personal. This is known as the “practicability” test.

The final step to determine whether something is personal is that it has to be in the name of a living, identifiable person. This doesn’t include details that are related www.bizinfoportal.co.uk/2021/04/15/identifying-the-business-finance-function-you-may-have/ to business, such as invoices, orders or any other documents used in business.

Personal information with sensitive content can be extremely harmful if lost, stolen or otherwise disclosed without authorization. It is essential to educate employees about the importance of safeguarding sensitive PII. Also, you must take steps to protect the information when not in use, for example, shutting down unattended computer systems and destroying paper documents. It is also important to regularly review the PII stored in your system and limit access to individuals who have a business need to perform this.